Quote:
Originally Posted by carlosinfl
I've got a mail server running Postfix and Dovecot but I'm confused about using IMAP or IMAPS for mail. I was told on the Dovecot mailing list that IMAPS is legacy and shouldn't be used. I'm using 256-bit SSL encrypted certificates with TLS but I don't know if I need to configure IMAP or IMAPS. Can someone please explain the difference?
IMAP is a simple clear-text Internet Message Access Protocol. Without encryption you send the commands used in this protocol in clear text.
Quote:
DONE
16 close
17 logout
15 OK IDLE completed
16 OK CLOSE completed
* BYE mail.server.com IMAP4rev1 server terminating connection
17 OK LOGOUT completed
IMAPS is the same protocol but the data transmission is encrypted with SSL/TLS. The question of whether to use IMAP or IMAPS can be understood in two ways:
Whether or not to use encryption on the transmitted data - IMAP not encrypted, IMAPS encrypted with SSL
Or whether to use the STARTTLS or the SSL encryption method - IMAP with STARTTLS or IMAP with TLS/SSL (which is IMAPS)
In my understanding the two encryption methods SSL/TLS and STARTTLS are like this:
SSL encrypts the network connection between the client and server. Any application-level command follows only after this. Usually it uses a different port for the encrypted connection (993), which is then transferred to a normal application port (for example 143 - on OS level).
STARTTLS is invoked after a basic (clear-text) connection between client and server, but it is already a part of the application. It uses the standard port (for example 25 for SMTP), but in this case the application (for IMAP or SMTP) must handle the encryption itself (sendmail for example).
In my case SMTP can use both SSL and STARTTLS - sendmail can handle STARTTLS and stunnel (another application) can manage SSL (SMTPS) for sendmail.
I believe that the most important question about STARTTLS is whether the application supports it or not. In addition, STARTTLS allows some commands between the client and server to be sent in clear text; the STARTTLS invocation is an option.
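Added example, not part of the original post: a Python client that opens a mailbox either with implicit TLS (IMAPS, port 993) or with STARTTLS on port 143, and refuses to send credentials when a clear-text server does not advertise STARTTLS. The function names, the two sample greetings (constructed) and the host, user and password parameters are assumptions for illustration.

```python
import imaplib
import ssl

# Constructed sample server lines, for illustration only.
GREETING_STARTTLS = b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"
GREETING_STRIPPED = b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"

def parse_capabilities(line: bytes) -> set:
    """Extract capability atoms from a '* CAPABILITY ...' line or an
    '* OK [CAPABILITY ...] ...' greeting (RFC 3501 syntax)."""
    text = line.decode("ascii", "replace").upper()
    start = text.find("CAPABILITY")
    if start < 0:
        return set()
    rest = text[start + len("CAPABILITY"):]
    rest = rest.split("]", 1)[0]        # greeting form ends at ']'
    return set(rest.split())

def next_step(caps: set, tls_active: bool) -> str:
    """Decide what the client may send next on this connection."""
    if tls_active:
        return "LOGIN"                  # channel is already encrypted
    if "STARTTLS" in caps:
        return "STARTTLS"               # upgrade before any credentials
    return "ABORT"                      # never fall back to clear-text LOGIN

def open_mailbox(host, user, password, implicit_tls=True):
    """implicit_tls=True: IMAPS, TLS handshake first (port 993).
    implicit_tls=False: plain IMAP on port 143, upgraded with STARTTLS."""
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    if implicit_tls:
        conn, tls = imaplib.IMAP4_SSL(host, 993, ssl_context=ctx), True
    else:
        conn, tls = imaplib.IMAP4(host, 143), False
    while True:
        step = next_step({c.upper() for c in conn.capabilities}, tls)
        if step == "ABORT":
            conn.shutdown()
            raise RuntimeError("STARTTLS not offered; refusing clear-text login")
        if step == "STARTTLS":
            conn.starttls(ssl_context=ctx)  # imaplib re-reads capabilities
            tls = True
            continue
        conn.login(user, password)
        return conn
```

With implicit TLS the first byte on the wire is already part of the handshake, so only the STARTTLS path needs the capability check before LOGIN.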